Scammers keep demonstrating how evil never sleeps. While their goals—to acquire peoples' financial and personal information—remain the same, their strategies frequently change to stay relevant. In fact, con artists have improved their methods and abilities to the point where some of them even con fellow con artists since their familiarity with the techniques makes it simpler to evade discovery and extort something from them.
According to a recent Sophos study, cybercriminals are allegedly defrauding one another of millions of dollars and utilizing arbitration to settle disputes over the schemes. The findings also reveal how attackers carry out their schemes against one another using tried-and-true techniques, some of which are decades old, such as typosquatting, phishing, backdoored software, and false marketplaces.
Let's go through each technique one at a time for those who are not familiar with how they operate:
Typosquatting: An attack that targets users who inadvertently enter the incorrect website address into their browser's URL field. Internet users frequently have no notion that the websites they are viewing or buying from are phony. This identity theft could be used by dishonest website operators to trick users into disclosing their personal information.
Phishing: An online scam in which victims are duped by receiving emails purporting to be from banks, mortgage lenders, or internet service providers.
Backdoor malware: Malware that bypasses standard authentication procedures to access the system. As a result, application resources are accessible remotely, giving attackers the ability to remotely update malware and run system commands.
Fake marketplace: The website acts as a launchpad for scams like fraudulent goods, catfishing, and even hacking.
Hackers and fraudsters are now more prevalent than only knowledgeable software developers and computer specialists. Today's technology is so user-friendly that "noobs" could be in charge of a fraud occurrence that costs companies and clients millions of dollars.
The number of fraud incidents rose by more than doubling (178%) in Asia-Pacific alone in the first quarter of 2021 compared to the same time in 2020. The two most frequent occurrence categories are online banking fraud and account takeovers, with increases of 250 percent and 650 percent, respectively.
Scammers getting the taste of their own medicine
For this research, BreachForums, an English-language cybercrime forum and marketplace that focuses on data leaks, as well as Exploit and XSS, were examined by Sophos X-Ops experts. Russian-language cybercrime forums Exploit and XSS provide access-as-a-service (AaaS) listings. All three locations have dedicated arbitration rooms.
Even while it occasionally causes chaos between "plaintiffs and defendants," the scamming of fraudsters is lucrative. Some alleged offenders simply disappear or call the complainants themselves "rippers." Sophos examined 600 scams over the course of a year, with claims ranging from US$ 2 to US$ 160,000, costing hackers more than US$ 2.5 million between them on just three sites.
Not all scams are conducted merely for financial gain. Matt Wixey, a Senior Security Researcher at Sophos, claims that interpersonal conflicts and rivalries were common. They also found cases where con artists would defraud those who had defrauded them.
“In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying US$ 250 to join a fake underground forum. The ‘winner’ of the contest received US$ 100,” Wixey stated.
Additionally, Sophos discovered that the dispute resolution and arbitration procedures left a wealth of unused intelligence behind, which security professionals and law enforcement might use to better understand and stop cybercriminal tactics.
